Serial No. 09/943,61B RSW920010125US1
Claim 1 (currently amended): A method of improving security policy administration and
enforcement using a role-permission model, comprising steps of:

identifying one or more groups of permitted actions on selected resources;

assigning a name to each identified group;

defining each assigned name to a security system as a security object; and

associating subjects with each assigned name.

Claim 2 (original): The method according to Claim 1, wherein the assigned name is a role name.

Claim 3 (original): The method according to Claim 1, wherein the selected resources are
executable methods.

Claim 4 (original): The method according to Claim 1, wherein the selected resources are columns
of a database table.

Claim 5 (original): The method according to Claim 1, wherein the selected resources are rows of
a database table.

Claim 6 (original): The method according to Claim 1, wherein the selected resources are files and
the permitted actions are file access operations.
Claim 7 (original): The method according to Claim 1, wherein the selected resources are function
calls to functions of one or more executable programs. 

Claim 8 (original): The method according to Claim 1, wherein the selected resources are 
Enterprise JavaBeans ("EJBs") and the permitted actions are methods on the EJBs. 

Claim 9 (original): The method according to Claim 1, wherein the selected resources are servlets 
and the permitted actions are methods of the servlets. 

Claim 10 (original): The method according to Claim 1, wherein the selected resources are 
Uniform Resource Identifiers ("URIs") and the permitted actions are methods which reference the
URIs.

Claim 11 (original): The method according to Claim 1, wherein the selected resources are
JavaServer Pages ("JSPs") and the permitted actions are methods referenced from the JSPs. 

Claim 12 (original): The method according to Claim 1, wherein the selected resources are any 
resource that is expressible to the security system and the permitted actions are selected from a set 
of actions that are permitted on those resources. 

Claim 13 (original): The method according to Claim 1, further comprising the steps of: 
receiving an access request for a particular one of the selected resources; 
determining one or more roles which are required for accessing the particular resource;
determining an identity of a source of the access request; 

for each of the required roles, until obtaining a successful result or exhausting the required 
roles, determining whether the identity of the source is associated with the required role; and 
authorizing access to the particular resource only if the successful result was obtained. 

Claim 14 (original): The method according to Claim 13, wherein the step of determining the one 
or more roles further comprises consulting a collection created from the identified permitted 
actions on the particular resource. 
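The following Python sketch is an added example, not code from the application or from the applicant: it models the four steps of Claim 1 (name a group of permitted actions on resources, define it to the security system, associate subjects with the name) and the access check of Claims 13 and 14 (look up the roles required for the requested action from a collection built from the permitted actions, then test the requester's identity against each required role until one succeeds or the roles are exhausted). Claims 16 and 18 restate the same check in means and program-code form, so one example covers them too. The class and method names, the resource identifiers and the sample policy are assumptions constructed for this example; the resource kinds mirror Claims 4, 6, 8, 10 and 11.

```python
"""Added example of the role-permission model and access check described in
Claims 1, 13 and 14. Illustrative code written for this page; the names and
the sample policy below are assumptions, not the applicant's implementation."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Set, Tuple

# A permitted action on a selected resource, e.g. ("AccountBean.transfer", "invoke")
# for an EJB method (Claim 8) or ("/teller/balance.jsp", "GET") for a URI (Claim 10).
Permission = Tuple[str, str]


@dataclass(frozen=True)
class AccessRequest:
    source: str     # identity of the source; assumed already authenticated upstream
    resource: str
    action: str


@dataclass
class SecuritySystem:
    # role name -> the named group of permitted actions (Claim 1, steps 1-3)
    roles: Dict[str, FrozenSet[Permission]] = field(default_factory=dict)
    # subject identity -> role names associated with it (Claim 1, step 4)
    subject_roles: Dict[str, Set[str]] = field(default_factory=dict)
    # (resource, action) -> roles that grant it: the collection of Claim 14,
    # built from the permitted actions as each role is defined
    granting_roles: Dict[Permission, Set[str]] = field(default_factory=dict)

    def define_role(self, name: str, permissions: Iterable[Permission]) -> None:
        """Define a named group of permitted actions to the security system."""
        if name in self.roles:
            raise ValueError(f"role {name!r} is already defined")
        group = frozenset(permissions)
        self.roles[name] = group
        for perm in group:
            self.granting_roles.setdefault(perm, set()).add(name)

    def associate(self, subject: str, role: str) -> None:
        """Associate a subject with an assigned role name."""
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.subject_roles.setdefault(subject, set()).add(role)

    def required_roles(self, resource: str, action: str) -> Set[str]:
        """Claim 14: the roles required for this action on this resource."""
        return set(self.granting_roles.get((resource, action), ()))

    def authorize(self, request: AccessRequest) -> bool:
        """Claim 13: grant only if the source holds at least one required role."""
        required = self.required_roles(request.resource, request.action)
        held = self.subject_roles.get(request.source, set())
        # Iterate until a successful result or the required roles are exhausted.
        # If no role grants the action the loop body never runs and the request
        # is denied, so an unregistered resource or action fails closed.
        for role in required:
            if role in held:
                return True
        return False


def build_example() -> SecuritySystem:
    """Constructed sample policy (assumed names) spanning several resource kinds."""
    sec = SecuritySystem()
    sec.define_role("teller", [
        ("AccountBean.getBalance", "invoke"),     # EJB method, Claim 8
        ("/teller/balance.jsp", "GET"),            # JSP reached via a URI, Claims 10-11
    ])
    sec.define_role("auditor", [
        ("AccountBean.getBalance", "invoke"),
        ("/var/log/bank/audit.log", "read"),       # file access operation, Claim 6
        ("accounts.ssn", "select"),                # database column, Claim 4
    ])
    sec.define_role("admin", [
        ("AccountBean.transfer", "invoke"),
        ("/var/log/bank/audit.log", "read"),
    ])
    sec.associate("alice", "teller")
    sec.associate("bob", "auditor")
    sec.associate("bob", "admin")
    return sec


if __name__ == "__main__":
    sec = build_example()
    for req in (AccessRequest("alice", "AccountBean.getBalance", "invoke"),
                AccessRequest("alice", "accounts.ssn", "select"),
                AccessRequest("bob", "/var/log/bank/audit.log", "read"),
                AccessRequest("mallory", "AccountBean.getBalance", "invoke")):
        print(req, "->", "permit" if sec.authorize(req) else "deny")
```

Two points the claims leave open are settled here in the safe direction: a request for a (resource, action) pair that no role grants is denied rather than treated as unrestricted, and the required-role lookup is keyed on both the resource and the action, so a subject allowed to `GET` a page is not thereby allowed to `POST` to it.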

Claim 15 (currently amended): A system for improving security policy administration and 
enforcement in a computing network using a role-permission model, comprising: 

means for identifying one or more groups of permitted actions on selected resources; 

means for assigning a name to each identified group; 

means for defining each assigned name to a security system as a security object; and
means for associating subjects with each assigned name. 

Claim 16 (original): The system according to Claim 15, further comprising: 

means for receiving an access request for a particular one of the selected resources; 
means for determining one or more roles which are required for accessing the particular
resource;

means for determining an identity of a source of the access request;

for each of the required roles, until obtaining a successful result or exhausting the required
roles, means for determining whether the identity of the source is associated with the required
role; and

means for authorizing access to the particular resource only if the successful result was
obtained.

Claim 17 (currently amended): A computer program product for improving security policy
administration and enforcement in a computing network using a role-permission model, the
computer program product embodied on one or more computer readable media and comprising:

computer readable program code means for identifying one or more groups of permitted
actions on selected resources;

computer readable program code means for assigning a name to each identified group;

computer readable program code means for defining each assigned name to a security
system as a security object; and

computer readable program code means for associating subjects with each assigned name.

Claim 18 (original): The computer program product according to Claim 17, further comprising:

computer readable program code means for receiving an access request for a particular
one of the selected resources;

computer readable program code means for determining one or more roles which are
required for accessing the particular resource;

computer readable program code means for determining an identity of a source of the
access request;

for each of the required roles, until obtaining a successful result or exhausting the required 
roles, computer readable program code means for determining whether the identity of the source 
is associated with the required role; and 

computer readable program code means for authorizing access to the particular resource 

only if the successful result was obtained. 